I have seen that my system has two kinds of rootkits: SHV4 / SHV5. (I'm adding a log here.) I tried to remove them, but I can't.
Can anyone recommend a method?
[ Rootkit Hunter version 1.3.8 ]
Checking system commands...
/usr/bin/md5sum [ Warning ]
/usr/bin/pstree [ Warning ]
/usr/bin/top [ Warning ]
/usr/bin/unhide.rb [ Warning ]
/sbin/ifconfig [ Warning ]
/bin/ls [ Warning ]
/bin/ps [ Warning ]
/bin/netstat [ Warning ]
Checking for rootkits...
cb Rootkit [ Warning ]
SHV4 Rootkit [ Warning ]
SHV5 Rootkit [ Warning ]
Checking for possible rootkit strings [ Warning ]
Checking the local host...
Checking for root equivalent (UID 0) accounts [ Warning ]
Checking for passwd file changes [ Warning ]
Checking for group file changes [ Warning ]
Checking if SSH root access is allowed [ Warning ]
Checking for running syslog daemon [ Warning ]
Do you need any other kind of log file?
Thanks in advance.
Your system is now compromised. Nuke it from orbit and restore from a trusted state (a backup).

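If your system has been compromised, there is no safe way to remove a rootkit other than restoring the last known-good backup and patching the vulnerability the attacker exploited in the first place.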